-
Type:
Bug
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 2021.0
-
Component/s: Collections
-
Release Notes Summary:Proxy indexing with Elasticsearch/Opensearch is fixed.
-
Tags:
-
Backlog priority:650
-
Sprint:nxplatform #109, nxplatform #110
-
Story Points:3
This case happens when the user adding the live proxy to the collection does not have Read permission on the live document.
Steps to reproduce:
- log in as Administrator
- create a user "jack" who belongs to the "members" group
- create a File document "foo" in the personal workspace
- create a workspace "myworkspace" under /default-domain/workspaces
- use the Document.CreateLiveProxy operation to create a live proxy
curl -X POST 'http://localhost:8080/nuxeo/site/automation/Document.CreateLiveProxy' -H 'Nuxeo-Transaction-Timeout: 3' -H 'X-NXproperties: *' -H 'X-NXRepository: default' -H 'X-NXVoidOperation: false' -H 'content-type: application/json' -d '{"params":{"Destination Path":"/default-domain/workspaces/myworkspace"},"input":"/default-domain/UserWorkspaces/Administrator/foo","context":{}}' -u Administrator:<PASSWORD>
- log in a jack
- navigate to the live proxy "foo" in /default-domain/workspaces/myworkspace
- click on the button to add the document to a collection
- observe that the document is added to a collection
- at the same time in the logs an error is produced and related to the ES indexing
ERROR [EventServiceImpl] Exception during elasticSearchInlineListener sync listener execution (after 2ms), continuing to run other listeners org.nuxeo.ecm.core.api.DocumentSecurityException: Privilege 'Read' is not granted to 'jack' at org.nuxeo.ecm.core.api.AbstractSession.checkPermission(AbstractSession.java:272) ~[nuxeo-core-2021.50.12.jar:?] at org.nuxeo.ecm.core.api.AbstractSession.getDocument(AbstractSession.java:1029) ~[nuxeo-core-2021.50.12.jar:?] at org.nuxeo.elasticsearch.commands.IndexingCommandsStacker.stackCommand(IndexingCommandsStacker.java:155) ~[nuxeo-elasticsearch-core-2021.49.2.jar:?] at org.nuxeo.elasticsearch.commands.IndexingCommandsStacker.stackCommand(IndexingCommandsStacker.java:106) ~[nuxeo-elasticsearch-core-2021.49.2.jar:?] at org.nuxeo.elasticsearch.commands.IndexingCommandsStacker.stackCommand(IndexingCommandsStacker.java:93) ~[nuxeo-elasticsearch-core-2021.49.2.jar:?] at org.nuxeo.elasticsearch.listener.ElasticSearchInlineListener.handleEvent(ElasticSearchInlineListener.java:110) ~[nuxeo-elasticsearch-core-2021.49.2.jar:?] at org.nuxeo.ecm.core.event.impl.EventServiceImpl.fireEvent(EventServiceImpl.java:280) ~[nuxeo-core-event-2021.45.8.jar:?] at org.nuxeo.ecm.core.api.AbstractSession.notifyEvent(AbstractSession.java:318) ~[nuxeo-core-2021.50.12.jar:?] at org.nuxeo.ecm.core.api.AbstractSession.saveDocument(AbstractSession.java:1737) ~[nuxeo-core-2021.50.12.jar:?] at org.nuxeo.ecm.collections.core.CollectionManagerImpl$1.run(CollectionManagerImpl.java:103) ~[nuxeo-platform-collections-core-2021.34.5.jar:?] at org.nuxeo.ecm.core.api.UnrestrictedSessionRunner.runUnrestricted(UnrestrictedSessionRunner.java:123) ~[nuxeo-core-api-2021.50.12.jar:?] at org.nuxeo.ecm.collections.core.CollectionManagerImpl.addToCollection(CollectionManagerImpl.java:107) ~[nuxeo-platform-collections-core-2021.34.5.jar:?] at org.nuxeo.ecm.automation.core.operations.collections.AddToCollectionOperation.run(AddToCollectionOperation.java:62) ~[nuxeo-automation-features-2021.50.12.jar:?]
Expected behavior: the live proxy is added to the collection and no error happens
Possible cause: The bug may be related to the fact that the adapted document used in the unrestricted session block in CollectionManagerImpl#addToCollection was fetched with the user's core session, not the unrestricted session.